Privacy Pia Fema Sar 09282011 DHS Privacy Documents for Department-wide Programs 08-2012

  • 7/31/2019 Privacy Pia Fema Sar 09282011 DHS Privacy Documents for Department-wide Programs 08-2012

    Privacy Impact Assessment

    for the

    FEMA Suspicious Activity Reporting (SAR)

    DHS/FEMA/PIA-018

    September 9, 2011

    Contact Point

    Danny Rains

    Law Enforcement Coordination and Investigations Branch

    Fraud and Internal Investigation Division

    Office of the Chief Security Officer

    Federal Emergency Management Agency

    202-646-4263

    Reviewing Official

    Mary Ellen Callahan

    Chief Privacy Officer

    Department of Homeland Security

    703-235-0780

    Privacy Impact Assessment

    Federal Emergency Management Agency

    Suspicious Activity Reporting Process

    Abstract

    The Federal Emergency Management Agency (FEMA), a component of the Department of Homeland Security (DHS), manages a process for Suspicious Activity Reporting (SAR). This process, assigned to FEMA's Office of the Chief Security Officer (OCSO), is designed to collect, investigate, analyze, and report suspicious activities to the Federal Bureau of Investigation's (FBI) Joint Terrorism Task Force (JTTF), Federal Protective Service (FPS), and/or other federal, state, or local law enforcement authorities required to investigate and respond to terrorist threats or hazards to homeland security. FEMA is conducting this privacy impact assessment (PIA) because this SAR process collects, maintains, and uses personally identifiable information (PII).

    Overview

    FEMA's SAR process helps FEMA OCSO contribute to FEMA's mission to "support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards." More specifically, FEMA OCSO will collect, maintain, use, and retrieve records on individuals who report suspicious activities, individuals reported as being involved in suspicious activities, and individuals charged with the investigation, analysis, and appropriate handling of suspicious activity reports. FEMA's OCSO, Fraud and Investigations Unit, manages this process.

    FEMA OCSO collects SAR information from individuals inside and outside of FEMA through an OCSO-operated toll-free telephone number (866-847-7056), a tip line email address ([email protected]), the FEMA website (www.fema.gov), and directly to FEMA personnel staffed at disaster locations, joint field offices, regional offices, and other FEMA locations. These reports are collected by FEMA in a brief narrative and include the suspected activity and contact information of the person reporting the incident. Upon receipt of the reported incident, FEMA OCSO assigns a case number for tracking in FEMA OCSO's SAR case management spreadsheet, and then assigns each case to a FEMA OCSO special agent and/or analyst. The FEMA OCSO special agent and/or analyst may contact the person reporting the suspicious activity to conduct additional research as necessary to verify and validate the information provided.

    The result of this conversation and additional research is documented in a FEMA OCSO Offense/Incident Report, which typically falls into one of the following three categories: 1) FEMA OCSO special agent and/or analyst determines that the report is unfounded; 2) FEMA OCSO special agent and/or analyst determines that the report does not have a nexus to terrorism or hazards to homeland security but does require transfer to federal, state, or local law enforcement authority; or 3) FEMA OCSO special agent and/or analyst determines that the report meets the Information Sharing Environment (ISE) functional standard for determining a nexus to terrorism, so they notify the FBI JTTF by entering the appropriate SAR information and data into the FBI e-Guardian system where it can be accessed, evaluated, and analyzed by authorized personnel, partners, and stakeholders outside the Department under the National SAR Initiative (NSI).

    Following necessary transfer to the appropriate authorities, FEMA's OCSO special agent and/or analyst concludes the investigation by entering the analysis into a paper-based FEMA OCSO Offense/Incident Report, scanning a copy of the Offense/Incident Report to be stored on the OCSO shared drive, updating the case management spreadsheet, and filing the paper copy in a secure location within FEMA OCSO offices. To reduce any risk of unauthorized access, FEMA SARs are secured in a room monitored by FEMA OCSO special agents and analysts. Electronic files maintained in the FEMA OCSO shared drive are protected from unauthorized access through appropriate technical safeguards such as two-part user authentication to access any FEMA system on a secured network.

    Plans are underway to centralize reporting within DHS of all suspicious activity that meets the Information Sharing Environment (ISE) Functional Standard. Once those plans are put into place, FEMA OCSO special agents and/or analysts will enter all vetted SARs into the DHS ISE SAR Vetting Tool (SVT) instead of the FBI e-Guardian system.

    FEMA's SAR process is authorized and governed by 44 CFR Chapter 2, Delegation of Authority; 42 U.S.C. 5196(d); Executive Orders 12333 and 13388; 40 U.S.C. 1315(b)(2)(F); 6 U.S.C. 314; The Homeland Security Act of 2002, as amended; the Intelligence Reform and Terrorism Prevention Act of 2004, as amended; the National Security Act of 1947, as amended; and FEMA Manual 1010-1 Federal Emergency Management Agency Missions and Functions.

    FEMA SAR information may be shared during the course of an investigation or further analysis by a FEMA OCSO special agent and/or analyst. As outlined above, this may occur when information is passed to the FBI JTTF, FPS, or to other federal, state, or local law enforcement authorities for appropriate action. All information shared is deemed For Official Use Only (FOUO) or Law Enforcement Sensitive (LES) and is governed by Executive Order 12958 and 13292. Any unauthorized disclosure of FOUO or LES information may constitute a violation of Title 18, 641, 793, 798, 952, and 1924.

    Section 1.0 Authorities and Other Requirements

    1.1 What specific legal authorities and/or agreements permit and define the collection of information by the project in question?

    FEMA's authority to collect SARs and conduct investigations is permitted by, but not limited to, the following legal acts: 44 CFR Chapter 2, Delegation of Authority, and FEMA Manual 1010-1. Other authorities include: 42 U.S.C. 5196(d); Executive Orders 12333 and 13388; 40 U.S.C. 1315(b)(2)(F); 6 U.S.C. 314, The Homeland Security Act of 2002, as amended; the Intelligence Reform and Terrorism Prevention Act of 2004, as amended; and the National Security Act of 1947, as amended.

    1.2 What Privacy Act System of Records Notice(s) (SORN(s)) apply to the information?

    The following DHS SORNs apply:

    For contact information: DHS/ALL - 002 - Mailing and Other Lists System of Records, 73 FR 71659, November 25, 2008.

    For the protection of federal property: DHS/ALL - 025 - DHS Law Enforcement Authority in Support of the Protection of Property Owned, Occupied, or Secured by DHS, 75 FR 5614, February 3, 2010.

    For FEMA SARs: DHS/FEMA - 012 Suspicious Activity Reporting Files System of Records (Draft in process).

    1.3 Has a system security plan been completed for the information system(s) supporting the project?

    FEMA's OCSO SAR process utilizes existing FEMA tools, applications, and systems rather than a new system itself. For that reason, no system security plan is required or has been completed.

    1.4 Does a records retention schedule approved by the National Archives and Records Administration (NARA) exist?

    Yes. Pursuant to National Archives and Records Administration (NARA) Schedule Number N1-311-99-6, Items 1, 2, and 3, files containing information or allegations which are of an investigative nature but do not relate to a specific investigation are destroyed when five years old. Investigative case files that involve allegations made against senior agency officials, attract significant attention in the media, attract congressional attention, result in substantive changes in agency policies and procedures, or are cited in the OIG's periodic reports to Congress are cut off when the case is closed, retired to the Federal Records Center (FRC) 5 years after cutoff, and then transferred to NARA 20 years after cutoff. All other investigative case files except those that are unusually significant for documenting major violations of criminal law or ethical standards by agency officials or others are placed in inactive files when the case is closed, cut off at the end of the fiscal year, and destroyed 10 years after cutoff.

    1.5 If the information is covered by the Paperwork Reduction Act (PRA), provide the OMB Control number and the agency number for the collection. If there are multiple forms, include a list in an appendix.

    FEMA's OCSO SAR process does not trigger the requirements of the PRA because collection is by voluntary submittal from individuals inside and outside of FEMA. Any collection from the public falls under 5 CFR 1320.4(a)(4), and is thus exempted from requirements of the PRA.

    Section 2.0 Characterization of the Information

    The following questions are intended to define the scope of the information requested and/or collected, as well as reasons for its collection.

    2.1 Identify the information the project collects, uses, disseminates, or maintains.

    FEMA's OCSO SAR process collects information about suspicious activities and individuals made by individuals inside and outside of FEMA. This information is supplemented by additional investigation and analysis by FEMA OCSO special agents and/or analysts. This information is captured in a FEMA OCSO Offense/Incident Report and scanned and stored on the FEMA OCSO shared drive. This report enables the collection of standardized information about individuals who report suspicious activities, individuals reported as being involved in suspicious activities, and individuals charged with the investigation, analysis, and appropriate handling of suspicious activity reports.

    The information collected is consistent for each group and includes the following:

    Case/Incident Number;

    Name (first, middle, last);

    Address (number, street, apartment, city, state);

    Age;

    Sex;

    Race;

    Injury code if applicable;

    Signature (Investigator, Analyst, or LEO);

    Jurisdiction;

    Telephone numbers (home, business, or cell);

    Other contact information (e.g., email address); and

    Property information (name, quantity, serial number, brand name, model, value, year, make, color, identifying characteristics, and registration information).

    FEMA's OCSO special agents and analysts also utilize a commercial source of information called LexisNexis/Choice Point to verify the identity information collected from reporting or suspicious individuals. In addition, FEMA OCSO special agents and analysts query the FBI e-Guardian system to identify any additional relevant information. In the future, FEMA OCSO special agents and analysts will query the SVT in the same manner they currently use the FBI e-Guardian system.

    2.2 What are the sources of the information and how is the information collected for the project?

    As defined in Section 2.1, FEMA OCSO special agents and analysts obtain information directly from individuals, from other government and commercially available systems, and also from other law enforcement entities to complete their investigations and analysis.

    2.3 Does the project use information from commercial sources or publicly available data? If so, explain why and how this information is used.

    As defined in Section 2.1, FEMA's OCSO utilizes LexisNexis/Choice Point to verify the identity information collected from reporting or suspicious individuals.

    2.4 Discuss how accuracy of the data is ensured.

    Accuracy of the information is the responsibility of the individual providing the information to FEMA. FEMA OCSO special agents and analysts validate the data and information through the analytic process of their investigation utilizing the sources of information described in Section 2.1. A FEMA OCSO supervisor, within the Fraud and Investigation Unit, reviews all Offense/Incident Reports for completeness, safety issues, and specificity prior to dissemination of that information to the FBI JTTF, FPS, or other federal, state, or local law enforcement authority. Additionally, PII contained in the Offense/Incident Reports may be reviewed for accuracy by the individual from whom the PII is collected when not otherwise prohibited by law.

    2.5 Privacy Impact Analysis: Related to Characterization of the Information

    Privacy Risk: There is a risk that information may not be accurate or timely because it is not always collected directly from the individual involved.

    Mitigation: Investigations and verifications of reported information are completed in a diligent and complete manner. This is accomplished through employee training on responsible steps to ensure that sufficient and relevant details have been captured, and that proper legal authorities are notified to mitigate any potential hazard. Sources of investigative information are documented in sufficient detail to provide a basis for assessing its reliability.

    Section 3.0 Uses of the Information

    The following questions require a clear description of the project's use of information.

    3.1 Describe how and why the project uses the information.

    FEMA's OCSO SAR process collects information about suspicious activities and individuals made by individuals inside and outside of FEMA. This information is supplemented by additional investigation and analysis by FEMA OCSO special agents and/or analysts. This information is captured in a FEMA OCSO Offense/Incident Report and scanned and stored on the FEMA OCSO shared drive. This report enables the collection of standardized information about individuals who report suspicious activities, individuals reported as being involved in suspicious activities, and individuals charged with the investigation, analysis, and appropriate handling of suspicious activity reports.

    Following this process, one of three things will occur: 1) FEMA OCSO special agent and/or analyst determines that the report is unfounded; 2) FEMA OCSO special agent and/or analyst determines that the report does not have a nexus to terrorism or hazards to homeland security but does require transfer to federal, state, or local law enforcement authority; or 3) FEMA OCSO special agent and/or analyst determines that the report meets the Information Sharing Environment (ISE) functional standard for determining a nexus to terrorism, so they notify the FBI JTTF by entering the appropriate SAR information and data into the FBI e-Guardian system where it can be accessed, evaluated, and analyzed by authorized personnel, partners, and stakeholders outside the Department under the NSI.

    3.2 Does the project use technology to conduct electronic searches, queries, or analyses in an electronic database to discover or locate a predictive pattern or an anomaly? If so, state how DHS plans to use such results.

    FEMA's OCSO utilizes LexisNexis/Choice Point to verify the identity information collected from reporting or suspicious individuals. FEMA OCSO special agents and analysts also query the FBI e-Guardian system using the compiled information to determine if there is a nexus to terrorism. In the future, FEMA OCSO special agents and analysts will query the SVT in the same manner they currently use the FBI e-Guardian system.

    3.3 Are there other components with assigned roles and responsibilities within the system?

    No. There are no other Departmental components that are assigned roles and responsibilities within this process.

    3.4 Privacy Impact Analysis: Related to the Uses of Information

    Privacy Risk: There is a risk of misuse or unauthorized access to the information.

    Mitigation: To mitigate this risk, background checks are conducted on all personnel that may access FEMA investigatory records and only those FEMA OCSO personnel with the appropriate roles may access SAR records. FEMA SAR records are controlled by limiting access to records, which are secured in a room monitored by FEMA OCSO special agents and analysts. The case managers maintain a manifest of all FEMA OCSO personnel and their roles/titles.

    Section 4.0 Notice

    The following questions seek information about the project's notice to the individual about the information collected, the right to consent to uses of said information, and the right to decline to provide information.

    4.1 How does the project provide individuals notice prior to the collection of information? If notice is not provided, explain why not.

    Notice is not typical because SAR reporting frequently results in escalation to law enforcement agencies, and any release of this information could adversely affect or jeopardize investigative activities. Furthermore, all information shared is deemed FOUO or LES and is governed by Executive Order 12958 and 13292. Any unauthorized disclosure of FOUO or LES information may constitute a violation of Title 18, 641, 793, 798, 952, and 1924.

    The public is provided notice via this PIA and the SORNs listed in Section 1.2. When an individual contacts FEMA about a suspicious activity, the FEMA OCSO special agent or analyst also provides additional notice to the individual.

    4.2 What opportunities are available for individuals to consent to uses, decline to provide information, or opt out of the project?

    SARs received inside or outside of FEMA typically come voluntarily. Individuals are providing their consent for the use of the information provided.

    Individuals being investigated by FEMA OCSO special agents are not given the opportunity to consent or decline to provide information or opt out of the investigation.

    4.3 Privacy Impact Analysis: Related to Notice

    Privacy Risk: There is a risk that information could be used in a manner inconsistent with the established DHS/FEMA privacy policies.

    Mitigation: FEMA OCSO does not collect more information than is needed for the SAR investigation and analysis and does not share information with other agencies or jurisdictions that do not have a need-to-know. Access is strictly limited to authorized staff who require access to perform their official duties. Information is also protected from unauthorized access through appropriate technical safeguards such as two-part user authentication to access any FEMA system on a secured network.

    Section 5.0 Data Retention by the project

    The following questions are intended to outline how long the project retains the information after the initial collection.

    5.1 Explain how long and for what reason the information is retained.

    Pursuant to National Archives and Records Administration (NARA) Schedule Number N1-311-99-6, Items 1, 2, and 3, files containing information or allegations which are of an investigative nature but do not relate to a specific investigation are destroyed when five years old. Investigative case files that involve allegations made against senior agency officials, attract significant attention in the media, attract congressional attention, result in substantive changes in agency policies and procedures, or are cited in the OIG's periodic reports to Congress are cut off when the case is closed, retired to the Federal Records Center (FRC) 5 years after cutoff, and then transferred to NARA 20 years after cutoff. All other investigative case files except those that are unusually significant for documenting major violations of criminal law or ethical standards by agency officials or others are placed in inactive files when the case is closed, cut off at the end of the fiscal year, and destroyed 10 years after cutoff.

    5.2 Privacy Impact Analysis: Related to Retention

    Privacy Risk: There is a risk that FEMA OCSO will maintain incident and personnel information longer than is needed and thus increase FEMA OCSO's vulnerability to a major privacy incident.

    Mitigation: FEMA OCSO's policies and procedures for expunging data, including records pertaining to approved and unapproved applications, at the end of the retention period are consistent with NARA policy guidance. These procedures are documented by the FEMA Records Officer and follow NARA's General Records Schedule (GRS) guidelines, including the submittal of SF 115 forms to NARA. Electronic records are destroyed in accordance with the same NARA GRS that applies to hard paper copies.

    Section 6.0 Information Sharing

    The following questions are intended to describe the scope of the project information sharing external to the Department. External sharing encompasses sharing with other federal, state and local government and private sector entities.

    6.1 Is information shared outside of DHS as part of the normal agency operations? If so, identify the organization(s) and how the information is accessed and how it is to be used.

    FEMA OCSO special agents and analysts may share information with the FBI JTTF, FPS, and other federal, state, and local law enforcement authorities; however, FEMA OCSO special agents and analysts only share information with appropriate authorities who have a need to know and only when FEMA OCSO special agents and analysts deem it appropriate to do so. All information shared is deemed FOUO and LES and is governed by Executive Order 12958 and 13292. Any unauthorized disclosure of FOUO or LES information may constitute a violation of Title 18, 641, 793, 798, 952, and 1924.

    6.2 Describe how the external sharing noted in 6.1 is compatible with the SORN noted in 1.2.

    Routine uses listed in the SORNs outlined in Section 1.2 allow FEMA to share information with the FBI JTTF, FPS, and other federal, state, and local law enforcement authorities. The sharing of SARs through a standard distribution list to notify appropriate entities is compatible with the routine uses and the original purpose for collection.

    6.3 Does the project place limitations on re-dissemination?

    All information shared is deemed FOUO and LES and is governed by Executive Order 12958 and 13292. Any unauthorized disclosure of FOUO or LES information may constitute a violation of Title 18, 641, 793, 798, 952, and 1924.

    6.4 Describe how the project maintains a record of any disclosures outside of the Department.

    FEMA OCSO special agents and analysts maintain a record of all disclosures to the FBI JTTF, FPS, and other federal, state, and local law enforcement authorities. In addition, the FBI e-Guardian system used to input SARs with a nexus to terrorism maintains a record of all reports that have been previously entered. Using this functionality within e-Guardian, FEMA can generate a list of reports provided to the FBI JTTF. In the future, FEMA OCSO special agents and analysts will use the SVT in the same manner they currently use the FBI e-Guardian system.

    6.5 Privacy Impact Analysis: Related to Information Sharing

    Privacy Risk: There is a risk that FOUO and LES information may be lost, stolen, or compromised.

    Mitigation: Information received by the FEMA OCSO special agents and analysts is not shared internally with other DHS components or externally with federal, state, or local authorities except for the reasons outlined in this PIA and the applicable SORNs. These sharing practices come with additional safeguards on the receiving end. In those instances, information is shared via hard copy printouts that are hand delivered to and signed for by authorized personnel, or registered mail, thereby reducing the privacy risks associated with transmitting sensitive personal information.

    Section 7.0 Redress

    The following questions seek information about processes in place for individuals to seek redress which may include access to records about themselves, ensuring the accuracy of the information collected about them, and/or filing complaints.

    7.1 What are the procedures that allow individuals to access their information?

    Individuals may contact FEMA OCSO who can verbally read back the statement they provided when reporting the incident. In addition, individual members of the public may make a FOIA request for copies of records from FEMA OCSO that are relevant to that individual by using the online form on the FEMA.gov website (https://faq.fema.gov/cgi-bin/fema.cfg/php/enduser/doc_serve.php?2=home) or by emailing a request to [email protected]. FOIA requests may also be submitted through the regular mail at the following address: FEMA Office of Records Management/Disclosure Branch, 1800 S. Bell Street, Fourth Floor, Mail Stop 3005, Arlington, VA 22202.

    These rights are provided to the extent practicable for FEMA operations. Despite being exempted under the Privacy Act, FEMA responds to any information requests on a case-by-case basis where compliance would not hinder or unduly burden FEMA operations. Each request will be evaluated and all records provided to the requestor to the extent permitted by law.

    7.2 What procedures are in place to allow the subject individual to correct inaccurate or erroneous information?

    Individuals can contact FEMA OCSO through the toll-free hotline, via the email tip line, and by using the direct contact number provided during the course of the investigation to request corrections to erroneous information. In addition, they may also request an update to erroneous information by regular mail at the following address: FEMA Office of Chief Security Officer, Fraud and Investigation Unit, 1201 Maryland Avenue, SW, Washington, D.C. 20024.

    To correct the information, FEMA's OCSO adds a supplement to the original report and updates the appropriate authorities if the changes resulted in new information.

    7.3 How does the project notify individuals about the procedures for correcting their information?

    Individuals are provided notice by this PIA and associated SORN. In addition, FEMA OCSO special agents and analysts provide direct FEMA OCSO contact information so that individuals reporting suspicious activity can provide additional information at a later date.

    7.4 Privacy Impact Analysis: Related to Redress

    Privacy Risk: There is a risk that too much or inaccurate information will be collected on individuals without their knowledge or consent to accuracy.

    Mitigation: Individuals may contact FEMA OCSO or the FEMA Disclosure Branch as discussed in Section 7.1 above to access and correct information on them or provided by them.

    Section 8.0 Auditing and Accountability

    The following questions are intended to describe technical and policy based safeguards and security measures.

    8.1 How does the project ensure that the information is used in accordance with stated practices in this PIA?

    FEMA OCSO incorporates the stated practices within this PIA in their SAR Standard Operating Procedures (SOPs) and everyone who participates in the FEMA SAR process is required to attend the mandatory analyst training. Also, the FEMA OCSO Fraud and Investigation Unit Director reviews all reports to ensure information is complete and accurate. FEMA OCSO and this process are also subject to audits from the Government Accountability Office (GAO) and DHS Office of the Chief Security Officer.

    8.2 Describe what privacy training is provided to users either generally or specifically relevant to the project.

    All DHS employees are required to take basic privacy training and the FEMA OCSO provides refresher privacy awareness training annually to their staff as it relates to law enforcement activities. In addition, all individuals who are interacting with the FEMA OCSO SAR process are required to take specialized training on the use and submission of SAR information and data.

    8.3 What procedures are in place to determine which users may access the information and how does the project determine who has access?

    As referenced in Section 8.1, the case manager accessing the files has a list of authorized FEMA OCSO personnel and their roles to determine who may review case files. This list is reviewed regularly to make sure that listed individuals are authorized current employees of FEMA.

    8.4 How does the project review and approve information sharing agreements, MOUs, new uses of the information, new access to the system by organizations within DHS and outside?

    FEMA OCSO does not have Memoranda of Understanding (MOU) or Information Sharing Access Agreements (ISAA) with agencies inside or outside of DHS. The information shared is deemed FOUO or LES and is governed by Executive Order 12958 and 13292. Any unauthorized disclosure of FOUO or LES information may constitute a violation of Title 18, 641, 793, 798, 952, and 1924.

    Responsible Officials

    Dr. Lesia Banks

    Acting Privacy Officer

    Federal Emergency Management Agency

    Department of Homeland Security

    Approval Signature

    Final signed version on file with the DHS Privacy Office.

    _________________

    Mary Ellen Callahan

    Chief Privacy Officer

    Department of Homeland Security